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Amdt. dated January 7, 2008 

Reply to Office Action of August 7, 2007 

REMARKS/ARGUMENTS 

Applicant has received the Office Action dated August 7, 2007 (hereinafter 
"Current Office Action"), in which the Examiner continued to reject claims 1-36 as 
being allegedly anticipated by Rothermel et al. (U.S. Pat. No. 6,678,827, 
hereinafter "Rothermel"). With this Response, Applicant has amended claims 1 , 
18, 22 and 31. Based upon the amendments and arguments contained herein, 
Applicant believes this case is in condition for allowance. 
I. THE ROTHERMEL REFERENCE 

Applicant respectfully submits that the Rothermel reference, cited by the 
Examiner as allegedly anticipating all the claims of the subject application, 
teaches allowing "the manager device to create a consistent security policy for 
the multiple NSDs by distributing a copy of a security policy template to each of 
the NSDs and by then configuring each copy of the template with NSD-specific 
information." Rothermel, col. 3, lines 32-36. This ordering of first sending the 
template to the NSD and then configuring the template at the NSD with device 
specific information is consistently repeated throughout the reference, both in the 
specification and the claims. See Rothermel, col. 4, lines 32-38 ("...[the] system 
allows a security policy manager device to create a consistent security policy for 
multiple network security devices (NSDs) by distributing a copy of a security 
policy template to each of the NSDs and by then configuring each copy of the 
template with NSD-specific information.") (emphasis added); col. 4, lines 65-67 
through col. 5, lines 1-4 ("...the manager device can distribute the template to 
multiple NSDs by sending a single copy of the template to a supervisor device 
associated with the NSDs and by then having the supervisor device update each 
of the NSDs with a copy of the template. Each of the NSD template copies can 
then be configured with NSD-specific information...") (emphasis added); and col. 
7, lines 20-26 ("The primary supervisor devices then send a copy of the security 
policy template to each of the selected NSDs. Each NSD stores its copy of the 
security policy template with the NSD's specific security information. Each NSD's 
copy of the security policy template can then be configured with information 
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specific to the NSD.") (emphasis added). See also Rothermel, claims 4, 6, 14, 34 
and 45. 

Applicant further respectfully notes that the Examiner has acknowledged, 

in response to Applicant's prior arguments, that "Rothermel does indeed teach 

such local expansion where a network security device (henceforth NSD) receives 

a template and then expands it by the addition of NSD specific information...." 

Current Office Action, f 3, p. 3. The Examiner further alleges, however, that "the 

Rothermel patent also teaches expansion of a template at a central location with 

later distribution of the expanded information to a plurality of computing devices." 

Current Office Action, f 3, p. 3. The Examiner cited col. 10, line 8 through col. 1 1 

line 17 of Rothermel in support of the allegation, stating that, 

...Rothermel teaches the use of a graphical user interface by an 
administrator to establish a security policy (e.g. Alias lists) in a 
template with subsequent distribution of the template to a plurality of 
computing devices (NSD's). Such establishment of security policies 
for a network in a template does read on the applicant's claim 
limitation of 'expansion' of a template as further developed in the 
arguments presented July 25, 2007 where the Applicant states that 
expansion of a template at a central location comprises using those 
templates at the centralized location. 

Current Office Action, % 3, p. 3. Applicant respectfully traverses the Examiner's 
characterization of the cited art, noting that the cited portion of Rothermel teaches 
"graphical user interface screens such as may be provided by a manager device 
to assist in defining security policy templates " (emphasis added). Thus 
Rothermel teaches operating a user interface to create a security policy template , 
not to establish security policies using the template as alleged by the Examiner. 
Contrary to the Examiner's assertion, Rothermel teaches creating individual 
security policies by combining a common security policy template with individual 
network profiles. As shown in figure 3A of Rothermel, "In order to generate the 
specific security policy for each network, the security policy template is combined 
with the network profile for that network. For example, in order to create security 
policy 315 for network 1, the security policy template 300 is combined with 
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network profile 310 for network 1." Rothermel, col. 10, lines 18-23. Applicant 
thus respectfully submits that the Examiner has conflated the creation of the 
security policy template (via the described graphical user interface) with the use 
of the template to create a security policy for a specific network. Applicant further 
notes that the combination of the security policy template with each network 
profile (as shown in figure 3A) is described in the Rothermel specification in 
abstract terms. No mention is made anywhere within the description of figure 3A 
of what elements of the system perform the combination, nor of any type of 
transfer of the template, network policies, or resulting security policies between 
any of the system elements. All other descriptions of such combinations and 
transfers within the Rothermel reference teach first transferring and/or copying 
the security template to the NSDs, and then combining NSD-specific information 
with the transferred and/or copied template at each NSD. 

For at least the reasons described above, Applicant thus respectfully 
submits that neither the text cited by the Examiner, or any other portion of the 
Rothermel reference, supports the Examiner's allegation that Rothermel teaches 
a template that is expanded at a central location and subsequently distributed to a 
plurality of computing devices. 

II. THE REJECTIONS OF INDEPENDENT CLAIMS 1 , 8, 22 AND 31 

The Examiner rejected independent claim 1 as allegedly anticipated by 
Rothermel, stating, among other things, that "Rothermel teaches... expanding at 
least one template at a central location, and providing the expanded information 
to said plurality of computing devices (col.4, line 49 thru col. 5 line 13)." Office 
Action mailed January 30, 2006 (hereinafter "Prior Office Action"), fl 5, p. 3 
(incorporated by reference into the Current Office Action, % 6, p. 4). Without 
conceding the merits of the Examiner's rejection, Applicant has amended 
independent claim 1 to more clearly describe the claimed invention, and to 
expedite prosecution of the subject application. Applicant respectfully again 
notes that the Examiner has acknowledged that the cited text from Rothermel of 
the Prior Office Action teaches "such local expansion where a network security 
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device (henceforth NSD) receives a template and then expands it by the addition 
of NSD specific information." Current Office Action, f 3 p. 3. 

Applicant further notes that Rothermel does not teach or even suggest 
"expanding at least one template at a central location to create a document 
comprising expanded information," as required by amended independent claim 
1 . Rothermel also does not teach or even suggest subsequently providing the 
created document from the central location to the plurality of computing devices, 
also as required by amended independent claim 1. Although Rothermel 
teaches combining NSD-specific information with a copy of a security template 
that has been copied to the NSD, Rothermel is silent as to the format and/or 
form of the resulting combination. Further, as already noted, Rothermel only 
teaches performing the combination of the template and the NSD-specific 
information at the NSD. Thus, regardless of the form of the product of the 
combination taught by Rothermel, said product already resides on the NSD 
upon its creation at the NSD, and is not transferred to the NSD from a central 
location. 

For at least all the reasons described above, Applicant respectfully 
submits that the Rothermel reference fails to teach or even suggest all of the 
limitations of independent claim 1, as amended. Applicant thus respectfully 
submits that amended independent claim 1 , as well as those claims that depend 
upon it, are not anticipated by Rothermel under 35 U.S.C. 102(b), and all of 
these claims are therefore in condition for allowance. 

Regarding independent claim 8, Applicant respectfully notes that the 
Examiner rejected the claim for substantially the same reasons as claim 1, citing 
the same portion of the Rothermel reference. Independent claim 8 requires, 
among other things, "a plurality of agents which are respectively resident on 
each of said plurality of computing devices," as well as a communications 
gateway that is configured to "expand the retrieved templates to create 
respective documents containing combined template information and expanded 
information," and to "provide the documents containing the combined template 
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information and expanded information to said plurality of agents." As already 
submitted, Rothermel does not teach or even suggest creating such documents, 
nor providing the documents to either a plurality of computing devices, nor to 
agents residing on such computing devices. Thus, for at least the same 
reasons as those presented with regard to independent claim 1, Applicant 
respectfully submits that independent claim 8, as well as those claims that 
depend upon it, are all in condition for allowance. 

Regarding independent claims 22 and 31, and without conceding the 
merits of the Examiner's rejections of the claims, Applicant has amended the 
claims to clearly describe the claimed invention and to expedite prosecution of the 
subject application. Applicant notes that claims 22 and 31, as amended, include 
limitations similar to those of independent claims 1 and 8. Thus, for at least the 
same reasons as those provided regarding claims 1 and 8, Applicant respectfully 
submits that amended independent claims 22 and 31, as well as those claims 
that respectively depend upon them, are all in condition for allowance. 
III. THE REJECTIONS OF DEPENDENT CLAIMS 15, 19, 23, 28-29 AND 32 

Applicant respectfully submits that at least some of the dependent claims 

of the subject application are allowable for other reasons in addition to those 

described above. Specifically, dependent claims 15, 19, 23 and 32 each require 

that the document required by their respective independent claim be an 

extensible markup language (XML) document. In the Current Office Action, the 

Examiner maintains that passages from Rothermel cited in the Prior Office (col. 5 

lines 5-7) teach this claim element. Applicant respectfully notes that the cited 

passage is an incomplete sentence that does not seem to be relevant to the claim 

limitation "wherein said document is an XML document." Specifically, the 

paragraph that includes the cited passage reads, 

In order to remotely manage multiple NSDs, a manager device can 
use one or more intermediate supervisor devices. For example, after 
a security policy template is defined, the manager device can 
distribute the template to multiple NSDs by sending a single copy of 
the template to a supervisor device associated with the NSDs and by 
then having the supervisor device update each of the NSDs with a 
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copy of the template. Each of the NSD template copies can then be 
configured with NSD-specific information from one or more of a 
variety of sources, such as by the manager device, by a local user 
such as a system administrator, or automatically such as with DNS 
information. In particular, aliases in the template copy on a particular 
NSD can be replaced with information about the specific 
corresponding devices that are protected by the NSD, and NSD- 
specific access information can also be specified. For example, an 
alias for an HTTP server can be replaced with the specific network 
address and name of the actual HTTP server. 

Rothermel, col. 4, lines 63-67 through col. 5, lines 1-13 (emphasis added to show 
the passage cited by the examiner). Nowhere with the cited passage is an XML 
document even mentioned. Further, as already noted, Rothermel does not teach 
or even suggest the creation of a document of any kind, and does not teach, 
mention or even suggest an XML document anywhere within the reference. 
Applicant thus respectfully submit that for at least these reasons, and in addition 
to the reasons previously presented, dependent claims 15, 19, 23 and 32 are not 
anticipated by Rothermel, and are thus all in condition for allowance. 

Regarding dependent claims 28 and 29, Applicant respectfully notes that, 
in the Prior Office Action, Applicant had submitted that these claims required 
multiple templates, some of which inherit policies from each other. Applicant 
respectfully notes that the Examiner has failed to address these arguments. 
Applicant continues to respectfully assert that for at least this reason, and in 
addition to those reasons given with regard to independent claim 22, upon which 
claims 28 and 29 depend, dependent claims 28 and 29 are in condition for 
allowance. Applicant respectfully requests that the Examiner either respond to 
the arguments or allow the claims. 
IV, ADDITIONAL AMENDMENTS 

Applicant respectfully notes that dependent claim 1 8 has been amended to 
maintain consistency with the amendments made to independent claim 1 , upon 
which claim 1 8 depends. The amendment does not alter the scope of the claim. 
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V. CONCLUSION 

Applicant respectfully submits that for at least the reasons presented 
above, all claims are in condition for allowance. Applicant respectfully requests 
reconsideration and that a timely Notice of Allowance be issued in this case. It is 
believed that no extensions of time or fees are required, beyond those that may 
otherwise be provided for in documents accompanying this paper. However, in 
the event that additional extensions of time are necessary to allow consideration 
of this paper, such extensions are hereby petitioned under 37 C.F.R. § 1.136(a), 
and any fees required (including fees for net addition of claims) are hereby 
authorized to be charged to Hewlett-Packard Development Company's Deposit 
Account No. 08-2025. 



Respectfully submitted, 
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